linux/sound/core
Takashi Iwai 2a3f7221ac ALSA: core: Fix card races between register and disconnect
There is a small race window in the card disconnection code that
allows the registration of another card with the very same card id.
This leads to a warning in procfs creation as caught by syzkaller.

The problem is that we delete snd_cards and snd_cards_lock entries at
the very beginning of the disconnection procedure.  This makes the
slot available to be assigned for another card object while the
disconnection procedure is being processed.  Then it becomes possible
to issue a procfs registration with the existing file name although we
check the conflict beforehand.

The fix is simply to move the snd_cards and snd_cards_lock clearances
at the end of the disconnection procedure.  The references to these
entries are merely either from the global proc files like
/proc/asound/cards or from the card registration / disconnection, so
it should be fine to shift at the very end.

Reported-by: syzbot+48df349490c36f9f54ab@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-04-16 17:06:33 +02:00
..
oss ALSA: pcm: Fix possible OOB access in PCM oss plugins 2019-03-22 16:27:03 +01:00
seq ALSA: seq: Fix OOB-reads from strlcpy 2019-04-05 14:33:01 +02:00
compress_offload.c ALSA: compress: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
control_compat.c ALSA: control: fix a redundant-copy issue 2018-05-13 09:27:57 +02:00
control.c ALSA: control: Consolidate helpers for adding and replacing ctl elements 2018-11-24 20:04:10 +01:00
ctljack.c ALSA: declare snd_kcontrol_new structures as const 2017-05-30 10:29:25 +02:00
device.c ALSA: core: Assure control device to be registered at last 2018-05-17 08:21:23 +02:00
hrtimer.c Merge branch 'for-next' into for-linus 2017-11-13 15:43:13 +01:00
hwdep_compat.c [PATCH] hwdep_compat missed __user annotations 2006-10-10 15:37:21 -07:00
hwdep.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-31 09:25:20 -08:00
info_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
info.c ALSA: info: Fix racy addition/deletion of nodes 2019-04-16 15:49:48 +02:00
init.c ALSA: core: Fix card races between register and disconnect 2019-04-16 17:06:33 +02:00
isadma.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
jack.c ALSA: fix kernel-doc build warning 2017-10-30 08:10:07 +01:00
Kconfig docs: Fix some broken references 2018-06-15 18:10:01 -03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: core: Don't allow NULL device for memory allocation 2019-02-05 11:05:26 +01:00
memory.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
misc.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
pcm_compat.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
pcm_dmaengine.c ASoC: dmaengine_pcm: Add support for packed transfers 2016-04-27 17:34:11 +01:00
pcm_drm_eld.c ALSA: pcm: use helper function to refer parameter as read-only 2017-05-17 07:24:39 +02:00
pcm_iec958.c ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper 2016-04-06 14:33:38 -07:00
pcm_lib.c ALSA: pcm: Comment why read blocks when PCM is not running 2019-02-13 08:01:05 +01:00
pcm_local.h ALSA: pcm: Unify snd_pcm_group initialization 2019-01-21 16:39:35 +01:00
pcm_memory.c ALSA: pcm: Define snd_pcm_lib_preallocate_*() as returning void 2019-02-08 14:24:12 +01:00
pcm_misc.c ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20 2017-11-29 09:26:33 +01:00
pcm_native.c ALSA: pcm: Don't suspend stream in unrecoverable PCM state 2019-03-25 16:36:30 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: pcm: include pcm_local.h and remove some extraneous tabs 2017-05-30 18:04:47 +02:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: pcm: Remove superfluous snd_info_register() calls 2019-02-06 18:11:54 +01:00
rawmidi_compat.c ALSA: rawmidi: Fix missing input substream checks in compat ioctls 2018-04-19 18:16:15 +02:00
rawmidi.c ALSA: rawmidi: Fix potential Spectre v1 vulnerability 2019-03-21 13:21:15 +01:00
seq_device.c ALSA: seq: Cancel pending autoload work at unbinding device 2017-09-12 12:41:20 +02:00
sgbuf.c ALSA: memalloc: Add non-cached buffer type 2018-08-28 13:56:47 +02:00
sound_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
sound.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
timer_compat.c ALSA: timer: Remove kernel warning at compat ioctl error paths 2017-11-21 16:36:11 +01:00
timer.c ALSA: timer: catch invalid timer object creation 2018-07-22 10:42:41 +02:00
vmaster.c - Introduce arithmetic overflow test helper functions (Rasmus) 2018-06-06 17:27:14 -07:00